The x86 emulator implementation was missing a check for the Current Privilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guest could leverage these flaws to cause a denial of service (guest crash) or possibly escalate their privileges within that guest. (CVE-2010-0298, CVE-2010-0306)
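
The two checks the paragraph above refers to are architectural: an x86 emulator must compare CPL against IOPL (and, failing that, the TSS I/O permission bitmap) before emulating IN/OUT, and must refuse CPL-0-only instructions from ring 3. The following is an added illustration of those rules in C, not the KVM emulator code fixed by this update; the type, field and function names (vcpu_state, io_permitted, priv_insn_permitted, demo_checks) are this example's own.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Added example, not the KVM emulator code: a model of the two privilege
 * checks an x86 instruction emulator must apply before acting on a guest
 * instruction.  Type and function names are this example's own. */

enum cpu_mode { MODE_REAL, MODE_PROTECTED, MODE_VM86 };

struct vcpu_state {
    enum cpu_mode mode;
    unsigned cpl;             /* current privilege level, 0..3 */
    unsigned iopl;            /* EFLAGS.IOPL, 0..3 */
    const uint8_t *iobitmap;  /* TSS I/O permission bitmap: bit n set = port n denied */
    uint32_t iobitmap_base;   /* offset of that bitmap inside the TSS */
    uint32_t tss_limit;       /* TSS segment limit; bitmap bytes past it count as all-ones */
};

/* Every byte of a multi-byte port access must be permitted by the bitmap. */
static bool iobitmap_allows(const struct vcpu_state *v, uint16_t port, unsigned size)
{
    for (unsigned i = 0; i < size; i++) {
        uint32_t p = (uint32_t)port + i;
        if (v->iobitmap_base + p / 8 > v->tss_limit)
            return false;                     /* beyond the TSS: treated as denied */
        if (v->iobitmap[p / 8] & (1u << (p % 8)))
            return false;
    }
    return true;
}

/* IN/OUT/INS/OUTS: real mode is unrestricted; in protected mode the access is
 * allowed outright when CPL <= IOPL and otherwise decided by the bitmap; in
 * virtual-8086 mode the bitmap is consulted regardless of IOPL.  Skipping the
 * CPL/IOPL comparison is what lets ring-3 guest code reach any port. */
bool io_permitted(const struct vcpu_state *v, uint16_t port, unsigned size)
{
    switch (v->mode) {
    case MODE_REAL:      return true;
    case MODE_PROTECTED: return v->cpl <= v->iopl || iobitmap_allows(v, port, size);
    case MODE_VM86:      return iobitmap_allows(v, port, size);
    }
    return false;
}

/* Instructions such as HLT, LGDT/LIDT, INVLPG and MOV to CRn require CPL 0
 * outside real mode (in virtual-8086 mode CPL is always 3, so they are refused). */
bool priv_insn_permitted(const struct vcpu_state *v)
{
    return v->mode == MODE_REAL || v->cpl == 0;
}

/* Worked cases on a constructed state: ring-3 guest code with IOPL 0 and a
 * bitmap that permits only port 0x70.  Returns how many expectations hold. */
int demo_checks(void)
{
    static uint8_t bitmap[65536 / 8];
    memset(bitmap, 0xff, sizeof bitmap);                 /* deny every port ... */
    bitmap[0x70 / 8] &= (uint8_t)~(1u << (0x70 % 8));    /* ... except 0x70 */
    struct vcpu_state v = {
        .mode = MODE_PROTECTED, .cpl = 3, .iopl = 0, .iobitmap = bitmap,
        .iobitmap_base = 0x68, .tss_limit = 0x68 + sizeof bitmap,
    };
    int ok = 0;
    ok += io_permitted(&v, 0x70, 1);      /* bitmap permits the byte at 0x70 */
    ok += !io_permitted(&v, 0x70, 2);     /* word access also touches 0x71: denied */
    ok += !io_permitted(&v, 0x40, 1);     /* PIT port: CPL 3 > IOPL 0, bitmap denies */
    ok += !priv_insn_permitted(&v);       /* ring 3 may not run HLT and friends */
    v.cpl = 0;
    ok += io_permitted(&v, 0x40, 1);      /* CPL <= IOPL: bitmap not consulted */
    ok += priv_insn_permitted(&v);
    v.mode = MODE_REAL;
    ok += io_permitted(&v, 0x40, 4);      /* real mode: unrestricted */
    return ok;                            /* 7 when every check behaves */
}
```

The point of the word-access case is that a check that tests only the first port of a multi-byte IN/OUT is still wrong; all bytes covered by the access must be permitted.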

A flaw was found in the Programmable Interval Timer (PIT) emulation. Access to the internal data structure pit_state, which represents the data state of the emulated PIT, was not properly validated in the pit_ioport_read() function. A privileged guest user could use this flaw to crash the host. (CVE-2010-0309)

A flaw was found in the USB passthrough handling code. A specially-crafted USB packet sent from inside a guest could be used to trigger a buffer overflow in the usb_host_handle_control() function, which runs in the qemu-kvm process on the host. A user in a guest could leverage this flaw to cause a denial of service (guest hang or crash) or possibly escalate their privileges within the host. (CVE-2010-0297)
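
The PIT and USB flaws above are both cases of a guest-controlled value reaching host memory unchecked: a port-derived index into emulated device state, and a packet-supplied length that sizes a copy into a host buffer. The advisory names the affected functions but not the exact unvalidated field, so the C below is an added illustration of the defect class, not the KVM or QEMU code: it uses a generic 8254 model (three counters at ports 0x40-0x42, a write-only control register at 0x43) and a generic USB SETUP packet (wLength in bytes 6-7). The names pit_channel_unsafe, pit_channel_checked, handle_control_checked and the demo_* functions are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example (not the KVM/QEMU code): two guest-controlled values that
 * must be validated before they touch host memory, a port-derived channel
 * index (the PIT case) and a packet-supplied length (the USB case). */

#define PIT_BASE      0x40
#define PIT_NCHANNELS 3       /* 8254 counters 0..2 live at ports 0x40..0x42 */

struct pit_channel { uint16_t count; uint8_t mode; };
struct pit_state   { struct pit_channel ch[PIT_NCHANNELS]; };

/* Unsafe decode: "port & 3" maps 0x43, the write-only control word register,
 * to index 3, one element past the end of ch[]. */
int pit_channel_unsafe(uint16_t port) { return port & 3; }

/* Validated decode: only the three counter ports select a channel; anything
 * else, including a read of 0x43, yields -1 and the caller must not index. */
int pit_channel_checked(uint16_t port)
{
    unsigned idx = port - PIT_BASE;          /* wraps to a huge value below 0x40 */
    return idx < PIT_NCHANNELS ? (int)idx : -1;
}

uint32_t pit_ioport_read_checked(const struct pit_state *s, uint16_t port)
{
    int ch = pit_channel_checked(port);
    if (ch < 0)
        return 0xff;                         /* open-bus value, no dereference */
    return s->ch[ch].count & 0xff;
}

/* USB control transfer: the 8-byte SETUP packet carries wLength in bytes 6-7
 * (little endian), the size of the data stage.  The guest chooses wLength, so
 * the copy into the host buffer must be bounded by the buffer, not by wLength. */
#define CTRL_BUF_SIZE 256

struct setup_packet { uint8_t raw[8]; };

static uint16_t setup_wlength(const struct setup_packet *p)
{
    return (uint16_t)(p->raw[6] | (p->raw[7] << 8));
}

/* Returns bytes copied, or -1 when wLength exceeds the buffer or the data given. */
int handle_control_checked(const struct setup_packet *setup, const uint8_t *data,
                           size_t data_len, uint8_t out[CTRL_BUF_SIZE])
{
    uint16_t wlength = setup_wlength(setup);
    if (wlength > CTRL_BUF_SIZE || wlength > data_len)
        return -1;                           /* reject instead of overrunning out[] */
    memcpy(out, data, wlength);
    return (int)wlength;
}

/* Constructed SETUP packets: GET_DESCRIPTOR(device) with wLength 0x1000, far
 * larger than the host buffer, and the same request with the normal 18 bytes. */
int demo_oversized_wlength(void)
{
    struct setup_packet setup = { .raw = { 0x80, 0x06, 0x00, 0x01, 0x00, 0x00, 0x00, 0x10 } };
    uint8_t data[CTRL_BUF_SIZE] = {0}, out[CTRL_BUF_SIZE];
    return handle_control_checked(&setup, data, sizeof data, out);   /* -1 */
}

int demo_valid_wlength(void)
{
    struct setup_packet setup = { .raw = { 0x80, 0x06, 0x00, 0x01, 0x00, 0x00, 0x12, 0x00 } };
    uint8_t data[CTRL_BUF_SIZE] = {0}, out[CTRL_BUF_SIZE];
    return handle_control_checked(&setup, data, sizeof data, out);   /* 18 */
}
```

Both checks share one property worth keeping in mind when reviewing device emulation: the bound comes from the host-side object (array length, buffer size, bytes actually received), never from a value the guest wrote.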

* a bug in the grow_refcount_table() error handling caused infinite recursion in some cases. This caused the qemu-kvm process to hang and eventually crash. (BZ#552159)

* for Windows Server 2003 R2, Service Pack 2, 32-bit guests, an "unhandled vm exit" error could occur during reboot on some systems. (BZ#552518)

* for Windows guests, QEMU could attempt to stop an already stopped audio device, resulting in a "snd_playback_stop: ASSERT playback_channel->base.active failed" error. (BZ#552519)

* the Hypercall driver did not reset the device on power-down. (BZ#552528)

* mechanisms have been added to emit older savevm versions in some cases. (BZ#552529)

* an error in the Makefile prevented users from using the source RPM to install KVM. (BZ#552530)

* guests became unresponsive and could use up to 100% CPU when running certain benchmark tests with more than 7 guests running simultaneously. (BZ#553249)

* QEMU could terminate randomly with virtio-net and SMP enabled. (BZ#561022)

All KVM users should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: The procedure in the Solution section must be performed before this update will take effect.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules that are currently loaded (determined using "lsmod"): kvm, ksm, and kvm-intel or kvm-amd. Note that lsmod reports the vendor modules with underscores (kvm_intel, kvm_amd); modprobe accepts either spelling. Because kvm-intel and kvm-amd depend on kvm, remove them before kvm, since modprobe refuses to remove a module that another loaded module still uses. A running guest keeps the modules in use as well, which is why step 1 must be completed first.